Your forum post has been passed around internally a bit here and we're puzzled as well. As far as we know we aren't doing anything with codepush.azurewebsites.net. We take this case extremely seriously though so we are investigating to see if there is any possible blame on our software. You provided an sha256 hash but what version of OpenVPN Connect for Android are you running right now? And you appear to be side-loading it- any reason for that as opposed to just using the Google Play Store? See, personally I'm thinking this might have something to do with the issue, so that's why I'm asking for details.

I see. Well we didn't test for Lineage OS. We did have someone check the hash of the apk and it appears to be correct. We still have no clue however where this extra connection to azure is coming from though, but it is the weekend, so perhaps some of the dev guys will have some idea of what to check when they get back in the office.

We have finally gotten to the bottom of this. I am sorry it took so long but there was the weekend inbetween and I had to chase it down quite far.

The good news is, it's not a virus. The bad news is, this was not supposed to be in a public release.

We are working on a better update system for the OpenVPN Connect app in Android using something called codepush. It was decided that a better software update mechanism was needed to speed up bug fixes and compatibility fixes. However it was also decided that there should be an opt-out function for this and that the connections would be made to an *.openvpn.net domain so that it is easy to understand what is going on.

We are doing an internal investigation as to what happened but it looks like code was prepared, was supposed to not be active, until we finished this up. Somehow this code got activated. Currently it doesn't actually work as it's still in development. We are going to change our procedures so this doesn't happen again, and we'll release an update soon that will resolve the issue, either by killing the code or by implementing it properly with opt-out and *.openvpn.net domain for the updates.

So, our apologies, but this is what happened, and it is fortunately not a malware or a virus thing. It actually currently doesn't even work. It's our fault and we'll fix it asap.